We just learned that we couldn't configure a DMZ with the 501 so we're heading out to purchase a 506. I was wondering if someone could assist in what steps I'll need to take to configure the DMZ. I'm not a high level networking person but I know the 506 only has two IFs like the 501 but the 506 allows for the creation of VLANs to support a DMZ.

Right now, our internal network is on a 192.168.1.x scheme. I set up a second vlan on the Dell switch and assigned 3 out of the 24 ports to it. I'm simply looking for directions to follow once the 506 arrives in the mail.

Pretty simple. Just assign the 3rd interface on the 506 with an address that is in the "dmz" vlan. Your hosts behind that vlan will have their default gateway as the address of the dmz interface of the pix. Basically that's it.

vlan2 would be if you planned on using vlan number 2, if you want to use 20, then type vlan20 instead.
the number 1 for the nat command would change depending on the corresponding number you want to tie it to for the global command
the first two static commands make it so there is effectively a nonat between the inside and dmz interfaces so you can see the true ip of the client connecting on dmz servers and vice versa.
the third static is to do a translation between a public IP and the dmz server
you then do the acl and apply it, then clear xlate since you changed the translation table on the pix
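The steps described above, sketched as a PIX 6.3-style configuration. This is an added example, not the configuration from the original post: the DMZ subnet 192.168.2.0/24, the server 192.168.2.10, the public address 203.0.113.10 and the ACL name outside_in are assumed placeholders, and it uses a single identity static for the inside network. Lines starting with a colon are annotations, not commands.

```cisco
: Logical VLAN 2 interface on ethernet1 (802.1q trunk to the switch)
interface ethernet1 vlan2 logical
: Name it dmz, security level between outside (0) and inside (100)
nameif vlan2 dmz security50
: This address is the default gateway for hosts in the DMZ VLAN (assumed subnet)
ip address dmz 192.168.2.1 255.255.255.0

: The nat id (1) must match the id of the global it is tied to
nat (dmz) 1 192.168.2.0 255.255.255.0
global (outside) 1 interface

: Identity static: inside addresses appear untranslated on the dmz
static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

: Translate one public address (placeholder) to the DMZ server
static (dmz,outside) 203.0.113.10 192.168.2.10 netmask 255.255.255.255

: Permit only the published service to the DMZ server, then bind the ACL
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside

: Flush existing translations after changing nat/static entries
clear xlate
```

Traffic from the dmz (security 50) to the inside (security 100) stays blocked unless an access-list applied to the dmz interface permits it, so keep any such rule limited to the specific hosts and ports the DMZ servers need.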

Cyclops.....I just checked my threads here for the first time in a while and didn't see your post. I played around with this today but screwed my PIX up. It's back to basic mode with not much of a config. On the Switch, I simply select E1 and change the port settings to Trunk? I don't have to set up any VLANs on the switch?

>>On the Switch, I simply select E1 and change the port settings to Trunk?
Not really sure what that means, "E1", in reference to switches. Will have to look that up. As for setting to Trunk, that is correct. The other part is making sure it's an 802.1q trunk and not something else like ISL.

>>I don't have to set up any VLANs on the switch?
Maybe, maybe not. Never dealt with a Dell switch. Most of the time what I've seen (but I've only dealt with Cisco managed switches) the trunk will auto-pass all vlans over that link. However, non-native vlan traffic may not be passed because the vlan database may need to be configured to process the specific vlan you are adding.

Again, the important thing here is knowing that the switch supports 802.1q vlans. If not, then what you want to do is not possible with the 506e.

I just checked and the Dell PowerConnect 3424 switch does support 802.1q vlans which is great. I noticed in some other forums/groups that people were saying to set up the config so that you're using Ethernet0 to set up the VLAN but you're suggesting Ethernet1.